A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system.

The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.

Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
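As an added illustration (example code, not Cisco's and not taken from the advisory), the Python below models the oracle described above: a handler that answers differently for a file that exists and one that does not, the hardened handler that answers identically, and the probe an attacker would run. The status codes 403 and 404, the protected file names and the canary path are assumptions; the advisory only says the codes differ.

```python
# Added example: status-code file-existence oracle and its fix.
# Assumptions (not from the advisory): 403 for an existing but unserved
# file, 404 for a missing one, and the constructed file list below.
from typing import Callable, Iterable, List, Tuple
from urllib import error, request

Response = Tuple[int, bytes]
Handler = Callable[[str], Response]

# Constructed sample: files present on the host that must never be served.
PROTECTED_FILES = {"/etc/shadow", "/data/config.xml", "/var/log/nfvis.log"}


def vulnerable_handler(path: str) -> Response:
    """Leaks existence: status (and body) differ for present vs absent paths."""
    if path in PROTECTED_FILES:
        return 403, b"Forbidden"
    return 404, b"Not Found"


def hardened_handler(path: str) -> Response:
    """Indistinguishable answer whether or not the path exists."""
    return 404, b"Not Found"


def enumerate_files(handler: Handler, candidates: Iterable[str],
                    canary: str = "/zz-does-not-exist-7f3a9c") -> List[Tuple[str, int]]:
    """Compare each candidate with a known-absent path; any response that
    differs in status or body length is evidence the file exists."""
    base_status, base_body = handler(canary)
    baseline = (base_status, len(base_body))
    found = []
    for path in candidates:
        status, body = handler(path)
        if (status, len(body)) != baseline:
            found.append((path, status))
    return found


def http_handler_for(base_url: str, timeout: float = 5.0) -> Handler:
    """Optional: wrap a live host so enumerate_files can probe it over HTTP.
    Only run this against systems you are authorised to test."""
    def handler(path: str) -> Response:
        try:
            with request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as r:
                return r.status, r.read()
        except error.HTTPError as e:
            return e.code, e.read()
    return handler


if __name__ == "__main__":
    wordlist = ["/etc/shadow", "/etc/passwd", "/data/config.xml", "/index.html"]
    print("vulnerable:", enumerate_files(vulnerable_handler, wordlist))
    print("hardened:  ", enumerate_files(hardened_handler, wordlist))
```

When checking a real host, also compare response timing and a hash of the body, and use a randomly generated canary name so a fixed "known absent" path cannot be special-cased by the server.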

Vulnerable Products

At the initial time of publication, this vulnerability affected Cisco Enterprise Network Compute Systems that were running NFVIS releases earlier than Release 3.12.1.

The fix has been found to be incomplete in NFVIS releases 3.12.1 and 3.12.2. NFVIS releases 4.1 and later will contain the complete fix.

Fixed Releases

At the initial time of publication, Cisco Enterprise NFVIS releases 3.12.1 and later were listed as containing the fix for this vulnerability.

The fix has since been found to be incomplete in NFVIS releases 3.12.1 and 3.12.2; NFVIS releases 4.1 and later will contain the complete fix.

https://systemtek.co.uk/2019/09/cisco-enterprise-network-functions-virtualization-infrastructure-software-vulnerability-cve-2019-12623/

Fake PayPal Site Spreads Nemty Ransomware

https://systemtek.co.uk/2019/09/fake-paypal-site-spreads-nemty-ransomware/ (Fri, 13 Sep 2019)

BleepingComputer has published a blog analysing a new version of the Nemty ransomware being spread through a fake PayPal website. The Nemty ransomware has been seen testing various distribution methods, such as via exploit kits, but this article discusses a new vector. In this case, the attacker used content from a legitimate PayPal website to host a fake copy on a homograph domain name.

If a user downloads the falsely-advertised cash back app, a malicious executable is retrieved instead. Upon execution, this payload, which has been identified as the Nemty ransomware version 1.4, checks whether the host is in Russia, Belarus, Kazakhstan, Tajikistan, or Ukraine. If it is, execution stops. Otherwise, the ransomware proceeds with the encryption process.

The Firefox Private Network (beta) is an extension which provides a secure, encrypted path to the web to protect your connection and your personal information anywhere and everywhere you use your Firefox browser.

There are many ways that your personal information and data are exposed: online threats are everywhere, whether it’s through phishing emails or data breaches. You may often find yourself taking advantage of the free WiFi at the doctor’s office, airport or a cafe. There can be dozens of people using the same network — casually checking the web and getting social media updates.

This leaves your personal information vulnerable to those who may be lurking, waiting to take advantage of this situation to gain access to your personal info. Using the Firefox Private Network helps protect you from hackers lurking in plain sight on public connections.

Start testing the Firefox Private Network today, it’s currently available in the US on the Firefox desktop browser. A Firefox account allows you to be one of the first to test potential new products and services, you can sign up directly from the extension.

Key features of Firefox Private Network are:

Protection when in public WiFi access points – Whether you are waiting at your doctor’s office, the airport or working from your favorite coffee shop, your connection to the internet is protected when you use the Firefox browser thanks to a secure tunnel to the web, protecting all your sensitive information like the web addresses you visit, personal and financial information.

Internet Protocol (IP) addresses are hidden so it’s harder to track you – Your IP address is like a home address for your computer. One of the reasons why you may want to keep it hidden is to keep advertising networks from tracking your browsing history. Firefox Private Network will mask your IP address providing protection from third party trackers around the web.

Toggle the switch on at any time. By clicking in the browser extension, you will find an on/off toggle that shows you whether you are currently protected, which you can turn on at anytime if you’d like additional privacy protection, or off if not needed at that moment.

The Firefox documentation for this says “This iterative process will give us much-needed feedback to explore technical and possible pricing options for the different online needs that the Firefox Private Network meets”. So it looks like the Firefox Private Network may end up as a paid add-on. At the moment, during testing, it is free.

https://systemtek.co.uk/2019/09/you-can-now-test-firefox-private-network/

Ofcom to release new (020) 4 phone numbers to London

https://systemtek.co.uk/2019/09/ofcom-to-release-new-020-4-phone-numbers-to-london/ (Thu, 12 Sep 2019)

London will gain 10 million more landline phone numbers later this year, as Ofcom introduces a new ‘(020) 4’ range to keep the capital connected.

As London expands and new homes and offices are built, there is increasing demand for new phone numbers. The capital, whose dialling code is 020, currently has 30 million phone numbers allocated across the existing (020) 3, 7 and 8 ranges.

But fewer than a million of these are left to be handed out to phone companies, and those will be used up within a year – as Ofcom distributes 30,000 London numbers each week.

UK customers still spend 44 billion minutes making landline calls every year. And although usage is declining, most home broadband connections rely on a landline which needs a number. So Ofcom is introducing a new number range for London to meet demand.[1]

New London numbers

Ofcom allocates numbers for phone companies to provide services to their customers. We will begin releasing blocks of ‘(020) 4’ numbers to telecoms providers in the autumn. Providers will then be able to start issuing these to customers by the end of the year.

We’re seeing growing need for 020 numbers, as London expands and new homes and offices are built. These 10 million new numbers will allow us to meet demand and help keep the capital connected.

Liz Greenberg, Head of Numbering at Ofcom

History of London numbers

London’s area code has changed several times over the years.

In 1958 the city was allocated the single code 01, which remained until 1990 when it was replaced by two codes – 071 for inner London numbers, and 081 for outer London. Five years later, all UK area codes gained a ‘1’ after the ‘0’ to make it clear it was a landline number, and the capital’s codes changed to 0171 and 0181.

In 2000, the UK’s phone numbers were reorganised through the “Big Number Change”. London was given a single area code once again – 020 – and the inner and outer London divide was removed.

But five years later, Ofcom research uncovered a widespread misconception among Londoners that the city still had two area codes – 0207 and 0208. Only 13% of people, without prompting, correctly identified 020 as being London’s single area code.[2]

How phone numbers evolved

In the early days of telephone calls, operators manually put callers through to each other. Phone numbers were designated based on the name of the local telephone exchange.

The first three letters of the exchange name were converted to the corresponding digits on the telephone dial. For example, you might have rung the operator and asked for “WIMbledon 0456”, which would have been converted to 946 0456.

So there are still clues to the origins of certain phone numbers. Today, that number would be 020 7946 0456.

Next steps

Ofcom will start accepting applications for ‘(020) 4’ numbers from telecoms companies from 1 October, and we expect the new numbers to start being allocated to customers from December 2019.

More than £750,000 has been awarded to councils looking to improve services using digital technology, Local Government Minister Luke Hall MP has announced (12 September 2019).

Six projects by local authorities working together across the country have received £753,000 from the Ministry of Housing, Communities and Local Government’s Local Digital Fund.

They include projects aimed at improving online housing repairs services, making websites for planning applications easier to use, and giving residents smoother methods of online payment.

Minister for Local Government, Luke Hall MP, said:

Councils up and down the country are working together to embrace digital technology and improve public services.

They are truly looking ahead and adapting their work to make things better for residents. I’m delighted to invest over £750,000 from our Local Digital Fund into 6 more collaborative projects aimed at improving local services.

Projects funded and the local authorities involved are:

Stockport Metropolitan Borough Council (lead), Leeds City Council, and Manchester City Council – £350,000.

Providing social workers with better information to cut the time and cost of child referrals. A project to provide social workers with better family context information from other local services for their child referrals. It will speed up children’s social workers’ decision making, improving the experience of families, and saving money.

Buckinghamshire County Council (lead), Adur and Worthing Council, London Borough of Croydon and Leeds City Council – £50,000.

Prototyping an open community directory of support services. The project will be aimed at developing a community-based service directory in local areas to help residents and council officers know which support services are available locally. This includes both council and third-sector provided support services.

London Borough of Southwark (lead), London Borough of Hackney, Greater London Authority, and Surrey Heath Borough Council – £100,000.

Exploring how to make the planning process more efficient and transparent. The project will look at user-centred digital planning application systems.

City of Lincoln Council, London Borough of Southwark, South Kesteven District and Royal Borough of Greenwich – £100,000

Developing a better online housing repairs system. A project to explore and prototype common service patterns for reporting and managing repairs.

Barnsley Metropolitan Borough Council (lead), Allerdale Borough Council, Cherwell District Council, Huntingdon District Council, North East Lincolnshire District Council, Sheffield City Council and South Northamptonshire Council – £80,000.

Exploring income management and e-payments. A project to help councils overcome blockages to adopting existing cost-effective payment and management systems and move away from legacy systems and suppliers.

Worcestershire County Council (lead), Redditch and Bromsgrove Council and Suffolk County Council – £73,000.

Providing registrations data to local authority housing services. A project to use death registration data to reconcile the availability of social housing, reduce the wait time for families on local housing lists and prevent lost council tax revenue.

Ideas could range from making people’s lives easier with more efficient, online ways to pay for services or get help, to embracing tech to support vulnerable people or making bin collections, social housing repairs and taxi licensing services more efficient.

For the projects, lead councils across the country partner with at least 2 other councils to share knowledge and ideas. This collaborative approach is a key pillar of the government’s Local Digital Declaration, launched in 2018, to coordinate public bodies seeking digital solutions.

The Fund is also being invested in digital skills and digital leadership training for council staff.

Early Glupteba campaigns used compromised Linux-based web servers to distribute the malware; later campaigns shifted to an unidentified adware-as-a-service platform for delivery. The most recent campaigns have begun using an unnamed preliminary dropper, delivered via malvertising, to install Glupteba.

Trend Micro has identified a new strain that contains a browser stealer for sensitive data and a routine exploiter for MikroTik routers via the CVE-2018-14847 vulnerability.

Once delivered, Glupteba connects to a command and control server before attempting to extract account data, browser profiles and passwords using an additional key-logging module. It then enumerates the local network to discover Internet-of-Things devices, installing a SOCKS proxy on any it finds. Glupteba can also install other payloads, including cryptocurrency miners and ransomware.

Domen is a malware delivery toolkit that uses extensive reconnaissance and social engineering techniques to ensure its delivery campaigns are successful. Domen is able to target desktop and mobile users in thirty different languages across more than twenty countries.

The group operating Domen use previously compromised websites, primarily running content management systems or blogging platforms, as initial watering holes. The group will then place an HTML iframe element containing Domen on the compromised sites. Users are directed to the sites via malicious adverts or redirects from other legitimate sites. There are also unconfirmed reports suggesting the group distribute links to the compromised sites via spam email campaigns.

The idea of this kit is to compromise a website, usually WordPress, and use that to display an overlay (loaded as an iframe) on the visitors’ screens. The overlay entices visitors to install an update that really downloads the NetSupport RAT.

Once a user reaches a compromised site, Domen will execute several scripts to collect user and system information including operating system version, location and browser activity. It will then use this information to display an overlay asking the user to download a relevant product or technology. Interacting with this overlay will download the intended payload, which will differ depending on the user profile and device operating system.
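The injected iframe is the one artefact of this kit a site owner can look for in their own pages. The Python below is an added example (not from the original article or from any published Domen analysis) that parses a page and flags iframes that are off-site, hidden, or styled as a full-screen overlay. The heuristics, the host name and the sample HTML are all constructed for this example.

```python
# Added example: flag iframes that look like an injected overlay or beacon.
# Heuristics and the sample page are assumptions, not Domen indicators.
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> in the document."""

    def __init__(self) -> None:
        super().__init__()
        self.iframes: List[Dict[str, str]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def style_flags(attrs: Dict[str, str]) -> List[str]:
    """Reasons derived from styling: invisible frames or viewport overlays."""
    style = attrs.get("style", "").replace(" ", "").lower()
    reasons = []
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden")
    if "position:fixed" in style and ("width:100%" in style or "height:100%" in style):
        reasons.append("full-screen overlay")
    for dim in ("width", "height"):
        value = attrs.get(dim, "").strip().rstrip("px")
        if value.isdigit() and int(value) <= 1:
            reasons.append(f"{dim}={value}")
    return reasons


def suspicious_iframes(html: str, page_host: str) -> List[Tuple[str, List[str]]]:
    """Return (src, reasons) for each iframe that is off-site, hidden or an overlay."""
    collector = IframeCollector()
    collector.feed(html)
    page_host = page_host.lower()
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        # A relative src loads from the page's own host.
        host = (urlparse(src).hostname or page_host).lower()
        reasons = []
        if host != page_host and not host.endswith("." + page_host):
            reasons.append(f"off-site src {host}")
        reasons.extend(style_flags(attrs))
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample page: one legitimate same-site embed, one injected
# overlay frame and one hidden tracking pixel frame.
SAMPLE_HTML = """<html><body>
<p>Welcome to the blog</p>
<iframe src="/embeds/player.html" width="640" height="360"></iframe>
<iframe src="//cdn.update-notice.example/d.html"
        style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; z-index: 9999"></iframe>
<iframe src="https://track.example/px" width="1" height="1" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, why in suspicious_iframes(SAMPLE_HTML, "victimblog.example"):
        print(src, "->", ", ".join(why))
```

Run this over a crawl of your own site's rendered pages (the injection is usually in the theme or a database-stored post, so the served HTML is what matters) and diff the findings against a known-good baseline; any new off-site, fixed-position iframe is worth pulling the page source for.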

https://systemtek.co.uk/2019/09/domen-sophisticated-social-engineering-toolkit/

Worldwide Sweep Targets Business Email Compromise [Operation reWired]

https://systemtek.co.uk/2019/09/worldwide-sweep-targets-business-email-compromise-operation-rewired/ (Wed, 11 Sep 2019)

The FBI and federal partners have announced scores of arrests in the United States and overseas in a coordinated law enforcement sweep targeting perpetrators of an insidious scam that tricks businesses and individuals into wiring money to criminals.

Operation reWired, a months-long, multi-agency effort to disrupt and dismantle international business email compromise (BEC) schemes, resulted in 281 arrests, including 74 in the United States, officials announced. Arrests were also made in Nigeria, Turkey, Ghana, France, Italy, Japan, Kenya, Malaysia, and the United Kingdom. The sweep resulted in the seizure of nearly $3.7 million and the disruption and recovery of approximately $118 million in fraudulent wire transfers.

These sophisticated cyber-enabled scams often target employees with access to company finances and—using methods like social engineering and computer intrusions—trick them into making wire transfers to bank accounts thought to belong to trusted partners. The accounts are actually controlled by the criminals.

The operation follows last year’s Operation WireWire, a similar effort that led to a total of 74 arrests and the seizure of $2.4 million. Thirty-nine of the FBI’s 56 field offices participated in this year’s sweep alongside state and local task force officers and partner agencies, including the Department of Homeland Security, Department of State, Department of the Treasury, and the U.S. Postal Inspection Service.

The effects of this crime are far-reaching, and the dollar amounts involved are staggering. Since the Internet Crime Complaint Center (IC3) began formally tracking BEC (and its variant, email account compromise, or EAC) in 2013, it has gathered reports of more than $10 billion in losses from U.S. victims alone. The worldwide tally is more than $26 billion.


“The FBI is working every day to disrupt and dismantle the criminal enterprises that target our businesses and our citizens,” said FBI Director Christopher Wray. “Through Operation reWired, we’re sending a clear message to the criminals who orchestrate these BEC schemes: We’ll keep coming after you, no matter where you are.”

Criminal organizations that perpetrate BEC schemes don’t just target companies. They also exploit individual victims—such as real estate purchasers or the elderly—by convincing them to make wire transfers to bank accounts controlled by the criminals. The scam can also involve requests to purchase gift cards and send the serial numbers or to mail a check, but the request will always appear to come from someone known to or trusted by the victim.


An FBI case that was part of last year’s operation illustrates how the BEC scheme works: Beginning in 2015, two men working remotely from the United Kingdom and Nigeria sent emails to an executive at a Connecticut-based company appearing to be from the company’s CEO, who was also located overseas. The purported CEO was requesting a wire transfer of funds. The email looked legitimate, so the company’s controller sent multiple wire transfers totaling more than $500,000. But as it turns out, the CEO’s email account had been spoofed—and the money went straight into accounts managed by the criminals.

“If you saw the email, it would look very legitimate,” said Special Agent Jennifer Boyer, who worked the case out of the FBI’s New Haven Field Office. She encouraged anyone who is in a position to wire money to pause and question all requests before hitting send.

“Take a moment to consider that maybe it’s not your boss and pick up the phone and verify,” said Boyer. “It’s that second-factor authentication that people really need to implement, and so many people don’t.”

In addition to verifying all financial requests received by email, the IC3 recommends businesses and individuals:

Use two-factor authentication to verify any change to account information or wire instructions.

Check the full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.

Don’t supply login credentials or personal information in response to a text or email.

Regularly monitor financial accounts.

Keep all software and systems up to date.

Victims of business email compromise schemes are encouraged to contact law enforcement immediately and file a complaint online with the IC3 at bec.ic3.gov. The IC3 staff reviews complaints, looks for patterns or other indicators of significant criminal activity, and refers investigative packages of complaints to the appropriate law enforcement authorities.
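Two of the items above (checking the full sender address, and watching for links whose domain is a misspelling of the real one) and the homograph domain used by the fake PayPal site earlier on this page come down to the same check: does this domain merely look like one we trust? The Python below is an added example, not IC3/FBI guidance or code from either article. It folds a domain to what it renders as (punycode decoded, Unicode confusables mapped to ASCII, digit-for-letter swaps undone) and compares that against a trusted list, also catching one-character typosquats and a trusted name reused as a subdomain. The trusted domains, the confusables table and the sample inputs are constructed for the example.

```python
# Added example: classify a sender address, URL or host as trusted, a
# lookalike of a trusted domain, or unrelated. Trusted list, confusables
# subset and samples are assumptions for this example.
import unicodedata
from email.utils import parseaddr
from typing import Iterable, Tuple
from urllib.parse import urlparse

TRUSTED_DOMAINS: Tuple[str, ...] = ("paypal.com", "example-corp.com")

# A small subset of Unicode's confusables plus common digit-for-letter swaps.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",  # Cyrillic с у х і
    "\u0131": "i", "\u017f": "s",                                 # dotless i, long s
    "0": "o", "1": "l", "3": "e", "5": "s",
}


def domain_of(value: str) -> str:
    """Extract the domain from a URL, an RFC 5322 address, or a bare host."""
    value = value.strip()
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    if "@" in value:
        return parseaddr(value)[1].rsplit("@", 1)[-1].lower()
    return value.lower().rstrip(".")


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so homographs are compared by glyph."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def skeleton(domain: str) -> str:
    """Fold a domain to what it looks like: NFKC, casefold, confusables."""
    folded = unicodedata.normalize("NFKC", to_unicode(domain)).casefold()
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    return folded.replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value: str, trusted: Iterable[str] = TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'other' for an address, URL or host."""
    domain = domain_of(value)
    look = skeleton(domain)
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "trusted"            # exact match or a real subdomain
        if look == t or look.endswith("." + t):
            return "lookalike"          # same glyphs, different code points
        if look.startswith(t + "."):
            return "lookalike"          # trusted name reused as a subdomain
        tail = ".".join(look.split(".")[-len(t.split(".")):])
        if levenshtein(tail, t) <= 1:
            return "lookalike"          # one-character typosquat
    return "other"


if __name__ == "__main__":
    # Constructed samples: a real address, a typosquat, a homograph (sent
    # on the wire as punycode), a subdomain trick and an unrelated domain.
    samples = [
        "Accounts <billing@paypal.com>",
        "Accounts <finance@paypa1.com>",
        "p\u0430ypal.com".encode("idna").decode("ascii"),
        "http://paypal.com.secure-login.example/verify",
        "https://example.org/",
    ]
    for s in samples:
        print(f"{classify(s):9s} {s}")
```

Wire this into the mail gateway or a link-rewriting proxy as a warning, not a block: a legitimate partner whose domain is one edit away from yours will trip the typosquat rule, and the verdict should prompt the out-of-band phone call the agent above recommends rather than replace it.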

Claiming disgruntlement with private control of public transport, a hacker collective made a copy of First Bus Manchester’s ticket app and reverse engineered it. In the process they discovered that the RSA private key used to sign the QR codes was embedded in the app itself.

Both the First Bus app and the Metrolink app were developed by Corethree, a company that makes mobile ticketing apps.

Rather than disclosing the issue to the developer, the hacker collective has released ride-buses-for-free code.

The group believes that public transport should be free to all and this is the reasoning for going public with the findings, adding that the research is its “contribution to get us closer to that end”.

We, the Public Transport Pirate Association of the United Kingdom are releasing our research on reverse engineering public transportation tickets in most major UK cities (excl. London.)

The reason we’ve decided not to go down the responsible disclosure path is that we are strong believers in public transportation being a common good that should be free for everyone, and this research is our contribution to get us closer to that end.

The initial release focuses on the Greater Manchester area, but can be easily adapted to other transportation networks that use the corethree middleware for their electronic tickets.

The security of the corethree apps is laughable at best, we could tell you guys really tried, but in the end focused too much on low-tech threats (i.e. taking a screenshot of a ticket and sending it to a friend) to be much of a challenge to even a novice hacker/reverse engineer. We’d especially like to thank you for including the private RSA keys to sign the QR codes in the First Bus m-ticket app.
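To make the failure in the First Bus app concrete, here is an added example (not Corethree's code, nor anything released by the group above) of a signed QR ticket: the issuer signs a canonical ticket record, and the scanner checks it with the public key only. The point of the example is the last step, which shows that a holder of the private key can alter any field and produce a ticket that verifies, which is exactly what shipping that key inside the app hands to every user. The key pair is a deliberately tiny toy built from two Mersenne primes, the "hash mod n" signature has no padding, and the ticket fields are invented; a real deployment uses PKCS#1 v1.5 or PSS padding with 2048-bit or larger keys, and keeps the private key on the issuing server or in an HSM.

```python
# Added example: signed QR ticket, and why the private key must not ship
# in the app. Toy RSA (no padding, small modulus) for illustration only.
import hashlib
import json
from typing import Dict

# Toy key material (assumption: tiny and not the real app's key).
P = (1 << 89) - 1     # Mersenne prime M89
Q = (1 << 127) - 1    # Mersenne prime M127
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

# What the app should carry: (E, N) only.
PUBLIC_KEY = (E, N)


def ticket_digest(ticket: Dict) -> int:
    """Canonical JSON, hashed, reduced into the RSA group (toy; no padding)."""
    data = json.dumps(ticket, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_ticket(ticket: Dict, private_exponent: int = D) -> str:
    """Issuer-side operation. Anyone holding D can do this for any ticket."""
    return format(pow(ticket_digest(ticket), private_exponent, N), "x")


def verify_ticket(ticket: Dict, signature: str) -> bool:
    """Scanner/app-side operation: needs only the public key."""
    e, n = PUBLIC_KEY
    try:
        return pow(int(signature, 16), e, n) == ticket_digest(ticket)
    except ValueError:          # malformed hex in the QR payload
        return False


def qr_payload(ticket: Dict, signature: str) -> str:
    """The string that would be encoded into the QR code."""
    return json.dumps({"t": ticket, "sig": signature}, sort_keys=True, separators=(",", ":"))


def scan(payload: str) -> bool:
    """Decode a QR payload and report whether the ticket is genuine."""
    try:
        obj = json.loads(payload)
        return verify_ticket(obj["t"], obj["sig"])
    except (ValueError, KeyError, TypeError):
        return False


if __name__ == "__main__":
    # Constructed ticket fields.
    legit = {"id": 1001, "product": "day ticket", "valid_to": "2019-09-13T23:59"}
    sig = sign_ticket(legit)
    print("genuine ticket verifies:   ", scan(qr_payload(legit, sig)))
    # Tampering without the key: the old signature no longer matches.
    forged = dict(legit, valid_to="2029-12-31T23:59")
    print("edited ticket, old sig:    ", scan(qr_payload(forged, sig)))
    # Tampering with the extracted key: the scanner cannot tell the difference.
    print("edited ticket, re-signed:  ", scan(qr_payload(forged, sign_ticket(forged))))
```

The screenshot-sharing threat the group mentions is addressed by fields inside the signed record (a ticket id the scanner can check for reuse, a short validity window), not by hiding the signing key in the client; once verification and signing are split across a public and a private key, the app has no need for the private half at all.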